Node.js 安全漏洞

Node.js is an open-source, cross-platform JavaScript runtime environment developed by the Node.js community. Versions 20.x, 22.x, 24.x, and 25.x of Node.js have security vulnerabilities. These vulnerabilities stem from HMAC verification using a comparison that does not maintain constant time, whi...

CVE-2024-9432

CVE-2024-9432 pertains to OpenText Vertica where a vulnerability in the Vertica agent can allow reading a plaintext API key. Affected versions are Vertica 23.X, 24.X, and 25.X. The CVSS metrics indicate local attack vector with high exploit complexity and high privileges required, potentially imp...

Astra Linux – Vulnerability in Poppler

Versions of Poppler from 24.06.1 through 25.x, prior to 25.04.0, allowed stack consumption and a SIGSEGV due to deeply nested structures within the metadata of a PDF document such as GTSPDFEVersion. This issue occurred in functions like Dict::lookup, Catalog::getMetadata, and related functions in...

CVE-2023-25821

Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0...

Adobe Photoshop 24.x < 24.7.4 / 25.x < 25.11 Vulnerability (APSB24-49)

The version of Adobe Photoshop installed on the remote Windows host is prior to 24.7.4/25.11. It is, therefore, affected by a vulnerability as referenced in the apsb24-49 advisory. - Photoshop Desktop versions 24.7.3, 25.9.1 and earlier are affected by a Use After Free vulnerability that could...

PT-2023-2377 · Nextcloud +2 · Nextcloud +2

Name of the Vulnerable Software and Affected Versions: Nextcloud versions 24.0.4 through 24.0.6 Nextcloud versions 25.0.0 Description: The issue is related to improper access control in Nextcloud, a private cloud software. This can allow a remote attacker to gain unauthorized access to limited...